A Model for Attribute-Based User-Role Assignment

Mohammad A. Al-Kahtani; Ravi Sandhu

doi:10.1109/CSAC.2002.1176307

A
ACSAC
2002
18th Annual Computer Security Applications Conference (ACSAC '02)
Abstract - A Model for Attribute-Based User-Role Assignment

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Mohammad A. Al-Kahtani Articles by Ravi Sandhu

18th Annual Computer Security Applications Conference (ACSAC '02)

A Model for Attribute-Based User-Role Assignment

San Diego California

December 09-December 13

ISBN: 0-7695-1828-1

	ASCII Text	x
	Mohammad A. Al-Kahtani, Ravi Sandhu, "A Model for Attribute-Based User-Role Assignment," Computer Security Applications Conference, Annual, pp. 353, 18th Annual Computer Security Applications Conference (ACSAC '02), 2002.

	BibTex	x
	@article{ 10.1109/CSAC.2002.1176307, author = {Mohammad A. Al-Kahtani and Ravi Sandhu}, title = {A Model for Attribute-Based User-Role Assignment}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2002}, issn = {1063-9527}, pages = {353}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2002.1176307}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - A Model for Attribute-Based User-Role Assignment SN - 1063-9527 SP EP A1 - Mohammad A. Al-Kahtani, A1 - Ravi Sandhu, PY - 2002 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Mohammad A. Al-Kahtani, George Mason University

Ravi Sandhu, SingleSignOn.net, Inc. and George Mason University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2002.1176307

The Role-Based Access Control (RBAC) model is traditionally used to manually assign users to appropriate roles, based on a specific enterprise policy, thereby authorizing them to use the roles' permissions. In environments where the service-providing enterprise has a huge customer base this task becomes formidable. An appealing solution is to automatically assign users to roles. The central contribution of this paper is to describe a model to dynamically assign users to roles based on a finite set of rules defined by the enterprise. These rules take into consideration the attributes of users and any constraints set forth by the enterprise?s security policy. The model also allows dynamic revocation of assigned roles based on conditions specified in the security policy. The model provides a language to express these rules and defines a mechanism to determine seniority among different rules. The paper also shows how to use the model to express Mandatory Access Controls (MAC).

Citation:

Mohammad A. Al-Kahtani, Ravi Sandhu, "A Model for Attribute-Based User-Role Assignment," acsac, pp.353, 18th Annual Computer Security Applications Conference (ACSAC '02), 2002

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.